Re: Cannot access files using backed-up EFS key...

That is bad news. What may have happened is at one time you exported the
private key and then selected the option to delete the private key if export
is successful. Newly encrypted files after that point would then use a newly
generated EFS certificate/private key. I suppose corruption of the EFS
certificate/private key could also cause the same. You need the EFS private
key that matches that thumbprint or the files can not be decrypted as they
are protected by AES 256 algorithm.

If you formatted the system drive of the old operating system that was
giving you a problem then the needed EFS private key was most likely
destroyed. It would be in the user profile folder under documents and
settings in the application data\Microsoft\crypto\rsa folder. Though
unlikely it may be possible to recover that folder with a file recovery
program even if the system drive has been formatted. If it is found you may
be able to gain access to your EFS files with the paid help of Microsoft
Support or with a program for EFS recovery from Elcomsoft [see links below]
that will search the computer for EFS private keys and if found prompt you
for the associated username and password to see if you can access it. They
have a free version that can do that but it will only recover very small
files and the full version is around $100. You can email them if you have
any specific questions. The last two links are to downloads for data
recovery programs. --- Steve

http://www.elcomsoft.com/company.html
http://www.elcomsoft.com/aefsdr.html

http://www.snapfiles.com/Freeware/system/fwdatarecovery.html
http://www.snapfiles.com/Shareware/system/swdatarecovery.html

"Lutz" <Lutz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:96FC31CB-ED7C-442E-AD33-681A4A91FED4@xxxxxxxxxxxxxxxx
They don't match! I only had a single Windows username, which is the one I
used to create, access, and encrypt the files. The pfx file I have is the
backup of the key for that username. However, they are totally different
"thumbprints." Does that mean the data's gone for good?

As to the other questions:
* I am told that EFSINFO could not be found/does not exist.
* Yes, the account I'm using has been given full control privleges.
* Yes, they key was imported successfully, though that now seems
irrelevent
since the prints don't match?

Is there any hope of recovery at this point? Is there anything I can do?
Lutz


.

Relevant Pages

  • Re: Replace Domain Controller
    ... Depending on your EFS recovery you may also want to backup your EFS private ... Export your Private Key from Recovery Agent ... private key so that you can recover encrypted data in the event that you ...
    (microsoft.public.windows.server.active_directory)
  • Re: Corrupted Admin Profile
    ... > My view on EFS: ... > Do not to use encryption unless you are in a domain and you know ... as well not having created a Recovery Agent (with backup of the ... > Q241201 How to Back Up Your Encrypting File System Private Key ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Corrupted Admin Profile
    ... > My view on EFS: ... > Do not to use encryption unless you are in a domain and you know ... as well not having created a Recovery Agent (with backup of the ... > Q241201 How to Back Up Your Encrypting File System Private Key ...
    (microsoft.public.windowsxp.security_admin)
  • Re: EFS file recovery on Win2k
    ... exporting the private key of the recovery agent and then ... deleting it is an important part of securing efs. ... on a standalone box the compromise of the local administrator ...
    (microsoft.public.win2000.security)
  • Re: Help! Make Windows recgonize folder as EFS encrypted
    ... I hate to be the bearer of bad news, but the whole point of EFS is to keep ... people with file recovery tools from being able to do what you are asking to ... How do I make Windows ... > this folder as being encrypted? ...
    (microsoft.public.windows.server.general)